From 6f6f20be24c841e61f999a4cff0bb86cf671aa56 Mon Sep 17 00:00:00 2001 From: xue <> Date: Mon, 13 Feb 2006 02:53:49 +0000 Subject: Updated cookie tutorial. --- demos/quickstart/protected/pages/Security/Cookie.page | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'demos/quickstart/protected/pages/Security') diff --git a/demos/quickstart/protected/pages/Security/Cookie.page b/demos/quickstart/protected/pages/Security/Cookie.page index 843f99fb..6e95e380 100644 --- a/demos/quickstart/protected/pages/Security/Cookie.page +++ b/demos/quickstart/protected/pages/Security/Cookie.page @@ -14,10 +14,18 @@ There are several countermeasures to prevent cookies from being attacked.
-Prado implements a cookie validation scheme. It associates cookie data with the target remote host address and user agent. HMAC check is performed to ensure that cookie data is not altered and is sent from the expected source. +Prado implements a cookie validation scheme that prevents cookies from being modified. In particular, it does HMAC check for the cookie values if cookie validation is enable.
-Cookie validation is enabled by default. To obtain validated cookie data, retrieve them from the Cookies collection of THttpRequest by using the following PHP statements, +Cookie validation is disabled by default. To enable it, configure the THttpRequest module as follows, +
++To make use of cookie validation scheme provided by Prado, you also need to retrieve cookies through the Cookies collection of THttpRequest by using the following PHP statements,